CVE-2024-37881

MEDIUM NUCLEI

SiteGuard WP Plugin <1.7.7 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2024-37881 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 missed to implement a measure to avoid redirection from wp-register.php. As a result, the customized path to the login page may be exposed.

Nuclei Templates (1)

SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure

MEDIUMVERIFIEDby s4e-io

References (3)

Core 3

Core References

Various Sources

https://www.jp-secure.com/siteguard_wp_plugin_en/vuls/WPV2024001_en.html

Product

https://plugins.trac.wordpress.org/changeset/3094238/siteguard/trunk/classes/siteguard-rename-login.php?old=2888160&old_path=siteguard%2Ftrunk%2Fclasses%2Fsiteguard-rename-login.php

Third Party Advisory

https://jvn.jp/en/jp/JVN60331535/

Scores

CVSS v3 5.3

EPSS 0.0117

EPSS Percentile 63.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-201 CWE-601

Status published

Products (1)

EG Secure Solutions Inc./SiteGuard WP Plugin prior to 1.7.7

Published Jun 19, 2024

Tracked Since Feb 18, 2026